New macOS ‘KandyKorn’ malware targets cryptocurrency engineers

The North Korean Lazarus hacking group has released a new macOS malware named ‘KandyKorn’, which targets cryptocurrency exchange platform blockchain engineers. The attackers pretend to be members of the crypto community on Discord channels to distribute detrimental Python-based modules that initiate a multi-layered KandyKorn infection. The malware operates discreetly, allowing Lazarus to access and steal data from the infected device, primarily focussing on crypto firms for financial gains rather than information.